From 9934dd538b0ce116e3b1600272cb46369b082246 Mon Sep 17 00:00:00 2001
From: Hsieh Chin Fan
Date: Wed, 2 Feb 2022 13:34:47 +0800
Subject: init commit
---
smtpd/Makefile | 8 ++++++++
smtpd/mail/spam | 11 +++++++++++
smtpd/smtpd.conf | 47 +++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 66 insertions(+)
create mode 100644 smtpd/Makefile
create mode 100755 smtpd/mail/spam
create mode 100644 smtpd/smtpd.conf
(limited to 'smtpd')
diff --git a/smtpd/Makefile b/smtpd/Makefile
new file mode 100644
index 0000000..a29254f
--- /dev/null
+++ b/smtpd/Makefile
@@ -0,0 +1,8 @@
+all: dkim
+ sudo mkdir -p /etc/smtpd /etc/mail
+ sudo ln -sf `pwd`/smtpd.conf /etc/smtpd/smtpd.conf
+ sudo cp mail/* /etc/mail/
+dkim:
+ ls /etc/mail/{passwd,dkim.key,dkim.txt}
+passwd:
+ sudo echo $$(id -un):$$(smtpctl encrypt)
diff --git a/smtpd/mail/spam b/smtpd/mail/spam
new file mode 100755
index 0000000..3c48717
--- /dev/null
+++ b/smtpd/mail/spam
@@ -0,0 +1,11 @@
+#! /bin/bash
+
+SIZE=$(ls --size /tmp/spam | cut -d' ' -f1)
+
+if test $SIZE -gt 10000; then
+ cat >/tmp/spam
+else
+ cat >>/tmp/spam
+fi
+
+true
diff --git a/smtpd/smtpd.conf b/smtpd/smtpd.conf
new file mode 100644
index 0000000..e8a5042
--- /dev/null
+++ b/smtpd/smtpd.conf
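Review bot: The `sudo ln -sf` line in the `all` target leaves the live `/etc/smtpd/smtpd.conf` pointing into the working tree, so anyone who can write to this checkout can change the configuration of a daemon that is started with root privileges, including its `proc-exec` and `mda` commands, without going through sudo again. Installing a root-owned copy keeps that boundary, for example `sudo install -o root -g root -m 0644 smtpd.conf /etc/smtpd/smtpd.conf`. The `sudo cp mail/* /etc/mail/` line likewise sets no owner or mode on what it copies. The `dkim` target relies on brace expansion, which make's default `/bin/sh` may not perform, so it needs `SHELL := /bin/bash` or three explicit paths.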
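Review bot: `/tmp/spam` is a fixed name in a world-writable directory, so another local account can create that path first and the script will then truncate or append to whatever is there as the delivery user; the spool belongs in a directory only that user can write. The size test is also fragile: when the file does not exist `SIZE` is empty and the unquoted `test $SIZE -gt 10000` errors out, and `ls --size` reports allocated blocks rather than bytes. With `SPOOL` set to the new path, `SIZE=$(stat -c %s "$SPOOL" 2>/dev/null || echo 0)` and a quoted `"$SIZE"` would make the threshold mean what it says. The trailing `true` hides a failed write from smtpd, so a full disk would go unnoticed.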
@@ -0,0 +1,47 @@
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information, refs:
+# https://man.openbsd.org/smtpd.conf.5
+# https://unixdigest.com/tutorials/arch-linux-mail-server-tutorial-part-2-opensmtpd-dovecot-dkimproxy-and-lets-encrypt.html
+
+# TIPS: Add a new/group vamil for processing dirty stuffs:
+# useradd -m -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
+
+# Certificates from Let's Encrypt.
+pki mail.topo.tw cert "/etc/mail/ssl/fullchain.cer"
+pki mail.topo.tw key "/etc/mail/ssl/mail.topo.tw.key"
+
+# DKIM, command:
+# sudo PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install --force git+https://github.com/palant/opensmtpd-filters.git
+# refs: https://palant.info/2020/11/09/adding-dkim-support-to-opensmtpd-with-custom-filters/
+filter dkimsign proc-exec "/usr/local/bin/dkimsign topo.tw:dkim:/etc/mail/dkim.key"
+filter dkimverify proc-exec "/usr/local/bin/dkimverify topo.tw"
+filter dkim chain {"dkimsign", "dkimverify"}
+
+# refs: https://man.openbsd.org/table.5
+table passwd file:/etc/mail/passwd
+
+# To also accept external mail over IPv4 or IPv6,
+# respectively replace "listen on localhost" with:
+#
+# listen on 0.0.0.0
+# listen on ::
+listen on lo
+listen on enp1s0 inet4 hostname "mail.topo.tw" port 25 tls pki mail.topo.tw filter "dkim"
+listen on enp1s0 inet4 hostname "mail.topo.tw" port 587 tls-require mask-src pki mail.topo.tw auth-optional filter "dkim"
+
+# Allow delivery from local or domain-owned-by-me
+action "me" maildir "/home/pham/Maildir" virtual { "@" = "pham" }
+match from any for domain "topo.tw" action "me"
+match from local for local action "me"
+
+# Allow outgoing emails: authenticated connection only
+action "relay" relay
+#match from local for any action "relay"
+match auth ! from local for any action "relay"
+match from local for any action "relay"
+
+# SPAM: deliver spam to custom mda
+action "spam" mda "/etc/mail/spam" virtual { "@" = "pham" }
+#match from any for rcpt-to "valxxx@megamail.com.br" action "relay"
+#match from any for any action "spam"
+#match for any reject
--
cgit v1.2.3-70-g09d2
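Review bot: The port 587 listener uses a bare `auth-optional`, so submission accepts unauthenticated sessions and, per smtpd.conf(5), checks credentials against system logins rather than the `passwd` table, which is declared but never referenced. If the intent is the one stated in the "authenticated connection only" comment, the listener would read `... port 587 tls-require mask-src pki mail.topo.tw auth <passwd> filter "dkim"`. That comment also disagrees with the rules under it, since `match from local for any action "relay"` relays for local senders without authentication; either the comment or the rule should change. The pipx command in the DKIM comment installs the filters as root from the repository's moving HEAD, and pinning it to a reviewed commit would make the install reproducible.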